Date: 20 October 2018
Message: Linksys is aware of the GhostDNS and other similar DNSChanger malware variants recently reported by various cyber security researchers.
According to the findings, GhostDNS has many similarities with previous versions of DNSChanger malware, which works by changing the DNS server settings on an infected device, allowing attackers to route users’ internet traffic through malicious servers and steal sensitive data. GhostDNS scans for the IP addresses of routers that use weak passwords or no password at all, accesses the routers’ settings, and changes the router’s default DNS address to one controlled by the attackers.
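A client-side check for the symptom described above, added here as an example and not taken from Linksys: it classifies the nameservers in resolv.conf-style text against a LAN subnet and a list of expected resolvers. Both are assumptions the operator supplies, and the sample input is constructed.

```python
import ipaddress

# Constructed sample in resolv.conf format, not captured from a real host.
SAMPLE = """\
# constructed sample
nameserver 192.168.187.1
nameserver 203.0.113.53
nameserver 2001:db8::53
"""

def audit_resolvers(resolv_conf_text, lan_subnet, expected_resolvers):
    """Return [(address, verdict)] for every nameserver line.

    lan_subnet and expected_resolvers are operator-supplied assumptions:
    the router's LAN range and the resolvers the ISP or admin intends to use.
    """
    lan = ipaddress.ip_network(lan_subnet)
    expected = {ipaddress.ip_address(a) for a in expected_resolvers}
    findings = []
    for raw in resolv_conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        fields = line.split()
        if len(fields) < 2 or fields[0] != "nameserver":
            continue
        text = fields[1].split("%", 1)[0]    # drop an IPv6 zone id such as %eth0
        try:
            addr = ipaddress.ip_address(text)
        except ValueError:
            findings.append((fields[1], "unparseable"))
            continue
        if addr.is_loopback:
            verdict = "local-stub"           # caching stub on this host
        elif addr in lan or addr.is_link_local:
            verdict = "router-or-lan"        # on-link device, usually the router
        elif addr in expected:
            verdict = "expected"
        else:
            verdict = "unexpected"           # off-LAN resolver nobody configured
        findings.append((str(addr), verdict))
    return findings

if __name__ == "__main__":
    # Replace SAMPLE with open("/etc/resolv.conf").read() on a real client.
    for address, verdict in audit_resolvers(
            SAMPLE, "192.168.187.0/24", ["2001:db8::53"]):
        print(f"{address:20} {verdict}")
```

A `router-or-lan` result only shows that the client sends its queries to the router; the DNS servers configured on the router itself still have to be checked in its Web GUI.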
If you are concerned that your router has been compromised, follow the steps below:
- Restore your router to factory default settings [1].
- Make sure your router is running the latest firmware version so that all the latest security patches are applied.
  - You can check whether the latest firmware is running on your router via the “Automatic Firmware Update” feature in the “Connectivity” section of the Linksys Web GUI [2].
  - Alternatively, you can download the latest firmware for your router [3] and perform a manual update [4].
- Change the router’s default admin password [5] to a more complex password to keep attackers from accessing the router’s settings.
- Ensure your SPI Firewall is enabled [6].
- Change the LAN subnet to a less frequently used one to reduce the possibility of an internal attack [7].
  - Example: 192.168.187.0/24
Access the following links for assistance:
[1] How to factory reset your router: https://www.linksys.com/us/support-article/?articleNum=139791
[2] How to access your router’s Web GUI: https://www.linksys.com/sg/support-article/?articleNum=140973
[3] To download the latest firmware for your router: https://www.linksys.com/sg/support-article/?articleNum=135206
[4] To manually upgrade your router’s firmware: https://www.linksys.com/sg/support-article/?articleNum=140365
[5] For detailed instructions on how to change your default admin password, refer to these links:
  - WEB GUI – https://www.linksys.com/us/support-article?articleNum=142491
  - MOBILE APPS – https://www.linksys.com/us/support-article?articleNum=203476
[6] Linksys routers have SPI Firewall features enabled by default. It is RECOMMENDED to keep the Firewall enabled. If this feature is disabled by accident, go to Security -> Firewall -> check IPv4 & IPv6 SPI Firewall protection.
[7] How to change the IP address of your router: https://www.linksys.com/us/support-article?articleNum=142466
For more information, please visit the Linksys support page at https://www.linksys.com/sg/support/